1 // SPDX-License-Identifier: Apache-2.0 2 // Copyright (C) 2018 IBM Corp. 3 4 #define _GNU_SOURCE 5 #include <assert.h> 6 #include <errno.h> 7 #include <fcntl.h> 8 #include <getopt.h> 9 #include <limits.h> 10 #include <poll.h> 11 #include <stdbool.h> 12 #include <stdint.h> 13 #include <stdio.h> 14 #include <stdlib.h> 15 #include <string.h> 16 #include <syslog.h> 17 #include <signal.h> 18 #include <sys/ioctl.h> 19 #include <sys/mman.h> 20 #include <sys/stat.h> 21 #include <sys/timerfd.h> 22 #include <sys/types.h> 23 #include <time.h> 24 #include <unistd.h> 25 #include <inttypes.h> 26 #include <mtd/mtd-abi.h> 27 28 #include "mboxd.h" 29 #include "common.h" 30 #include "transport_mbox.h" 31 #include "windows.h" 32 #include "backend.h" 33 34 /* Initialisation Functions */ 35 36 /* 37 * init_window_state() - Initialise a new window to a known state 38 * @window: The window to initialise 39 * @size: The size of the window 40 */ 41 static void init_window_state(struct window_context *window, uint32_t size) 42 { 43 window->mem = NULL; 44 window->flash_offset = FLASH_OFFSET_UNINIT; 45 window->size = size; 46 window->dirty_bmap = NULL; 47 window->age = 0; 48 } 49 50 /* 51 * init_window_mem() - Divide the reserved memory region among the windows 52 * @context: The mbox context pointer 53 * 54 * Return: 0 on success otherwise negative error code 55 */ 56 static int init_window_mem(struct mbox_context *context) 57 { 58 void *mem_location = context->mem; 59 int i; 60 61 /* 62 * Carve up the reserved memory region and allocate it to each of the 63 * windows. The windows are placed one after the other in ascending 64 * order, so the first window will be first in memory and so on. We 65 * shouldn't have allocated more windows than we have memory, but if we 66 * did we will error out here 67 */ 68 for (i = 0; i < context->windows.num; i++) { 69 uint32_t size = context->windows.window[i].size; 70 MSG_DBG("Window %d @ %p for size 0x%.8x\n", i, 71 mem_location, size); 72 context->windows.window[i].mem = mem_location; 73 mem_location += size; 74 if (mem_location > (context->mem + context->mem_size)) { 75 /* Tried to allocate window past the end of memory */ 76 MSG_ERR("Total size of windows exceeds reserved mem\n"); 77 MSG_ERR("Try smaller or fewer windows\n"); 78 MSG_ERR("Mem size: 0x%.8x\n", context->mem_size); 79 return -1; 80 } 81 } 82 83 return 0; 84 } 85 /* 86 * windows_init() - Initalise the window cache 87 * @context: The mbox context pointer 88 * 89 * Return: 0 on success otherwise negative 90 */ 91 int windows_init(struct mbox_context *context) 92 { 93 int i; 94 95 /* Check if window size and number set - otherwise set to default */ 96 if (!context->windows.default_size) { 97 /* Default to 1MB windows */ 98 context->windows.default_size = 1 << 20; 99 } 100 MSG_INFO("Window size: 0x%.8x\n", context->windows.default_size); 101 if (!context->windows.num) { 102 /* Use the entire reserved memory region by default */ 103 context->windows.num = context->mem_size / 104 context->windows.default_size; 105 } 106 MSG_INFO("Number of windows: %d\n", context->windows.num); 107 108 context->windows.window = calloc(context->windows.num, 109 sizeof(*context->windows.window)); 110 if (!context->windows.window) { 111 MSG_ERR("Memory allocation failed\n"); 112 return -1; 113 } 114 115 for (i = 0; i < context->windows.num; i++) { 116 init_window_state(&context->windows.window[i], 117 context->windows.default_size); 118 } 119 120 return init_window_mem(context); 121 } 122 123 /* 124 * windows_free() - Free the window cache 125 * @context: The mbox context pointer 126 */ 127 void windows_free(struct mbox_context *context) 128 { 129 int i; 130 131 /* Check window cache has actually been allocated */ 132 if (context->windows.window) { 133 for (i = 0; i < context->windows.num; i++) { 134 free(context->windows.window[i].dirty_bmap); 135 } 136 free(context->windows.window); 137 } 138 } 139 140 /* Write from Window Functions */ 141 142 /* 143 * window_flush_v1() - Handle writing when erase and block size differ 144 * @context: The mbox context pointer 145 * @offset_bytes: The offset in the current window to write from (bytes) 146 * @count_bytes: Number of bytes to write 147 * 148 * Handle a window_flush for dirty memory when block_size is less than the 149 * flash erase size 150 * This requires us to be a bit careful because we might have to erase more 151 * than we want to write which could result in data loss if we don't have the 152 * entire portion of flash to be erased already saved in memory (for us to 153 * write back after the erase) 154 * 155 * Return: 0 on success otherwise negative error code 156 */ 157 int window_flush_v1(struct mbox_context *context, 158 uint32_t offset_bytes, uint32_t count_bytes) 159 { 160 int rc; 161 uint32_t flash_offset; 162 struct window_context low_mem = { 0 }, high_mem = { 0 }; 163 164 /* Find where in phys flash this is based on the window.flash_offset */ 165 flash_offset = context->current->flash_offset + offset_bytes; 166 167 /* 168 * low_mem.flash_offset = erase boundary below where we're writing 169 * low_mem.size = size from low_mem.flash_offset to where we're writing 170 * 171 * high_mem.flash_offset = end of where we're writing 172 * high_mem.size = size from end of where we're writing to next erase 173 * boundary 174 */ 175 low_mem.flash_offset = align_down(flash_offset, 176 1 << context->backend.erase_size_shift); 177 low_mem.size = flash_offset - low_mem.flash_offset; 178 high_mem.flash_offset = flash_offset + count_bytes; 179 high_mem.size = align_up(high_mem.flash_offset, 180 1 << context->backend.erase_size_shift) - 181 high_mem.flash_offset; 182 183 /* 184 * Check if we already have a copy of the required flash areas in 185 * memory as part of the existing window 186 */ 187 if (low_mem.flash_offset < context->current->flash_offset) { 188 /* Before the start of our current window */ 189 low_mem.mem = malloc(low_mem.size); 190 if (!low_mem.mem) { 191 MSG_ERR("Unable to allocate memory\n"); 192 return -ENOMEM; 193 } 194 rc = backend_copy(&context->backend, low_mem.flash_offset, 195 low_mem.mem, low_mem.size); 196 if (rc < 0) { 197 goto out; 198 } 199 } 200 if ((high_mem.flash_offset + high_mem.size) > 201 (context->current->flash_offset + context->current->size)) { 202 /* After the end of our current window */ 203 high_mem.mem = malloc(high_mem.size); 204 if (!high_mem.mem) { 205 MSG_ERR("Unable to allocate memory\n"); 206 rc = -ENOMEM; 207 goto out; 208 } 209 rc = backend_copy(&context->backend, high_mem.flash_offset, 210 high_mem.mem, high_mem.size); 211 if (rc < 0) { 212 goto out; 213 } 214 } 215 216 /* 217 * We need to erase the flash from low_mem.flash_offset-> 218 * high_mem.flash_offset + high_mem.size 219 */ 220 rc = backend_erase(&context->backend, low_mem.flash_offset, 221 (high_mem.flash_offset - low_mem.flash_offset) + 222 high_mem.size); 223 if (rc < 0) { 224 MSG_ERR("Couldn't erase flash\n"); 225 goto out; 226 } 227 228 /* Write back over the erased area */ 229 if (low_mem.mem) { 230 /* Exceed window at the start */ 231 rc = backend_write(&context->backend, low_mem.flash_offset, 232 low_mem.mem, low_mem.size); 233 if (rc < 0) { 234 goto out; 235 } 236 } 237 rc = backend_write(&context->backend, flash_offset, 238 context->current->mem + offset_bytes, count_bytes); 239 if (rc < 0) { 240 goto out; 241 } 242 /* 243 * We still need to write the last little bit that we erased - it's 244 * either in the current window or the high_mem window. 245 */ 246 if (high_mem.mem) { 247 /* Exceed window at the end */ 248 rc = backend_write(&context->backend, high_mem.flash_offset, 249 high_mem.mem, high_mem.size); 250 if (rc < 0) { 251 goto out; 252 } 253 } else { 254 /* Write from the current window - it's atleast that big */ 255 rc = backend_write(&context->backend, high_mem.flash_offset, 256 context->current->mem + offset_bytes + 257 count_bytes, high_mem.size); 258 if (rc < 0) { 259 goto out; 260 } 261 } 262 263 out: 264 free(low_mem.mem); 265 free(high_mem.mem); 266 return rc; 267 } 268 269 /* 270 * window_flush() - Write back to the flash from the current window 271 * @context: The mbox context pointer 272 * @offset_bytes: The offset in the current window to write from (blocks) 273 * @count_bytes: Number of blocks to write 274 * @type: Whether this is an erase & write or just an erase 275 * 276 * Return: 0 on success otherwise negative error code 277 */ 278 int window_flush(struct mbox_context *context, uint32_t offset, 279 uint32_t count, uint8_t type) 280 { 281 int rc; 282 uint32_t flash_offset, count_bytes = count << context->backend.block_size_shift; 283 uint32_t offset_bytes = offset << context->backend.block_size_shift; 284 285 switch (type) { 286 case WINDOW_ERASED: /* >= V2 ONLY -> block_size == erasesize */ 287 flash_offset = context->current->flash_offset + offset_bytes; 288 rc = backend_erase(&context->backend, flash_offset, 289 count_bytes); 290 if (rc < 0) { 291 MSG_ERR("Couldn't erase flash\n"); 292 return rc; 293 } 294 break; 295 case WINDOW_DIRTY: 296 /* 297 * For protocol V1, block_size may be smaller than erase size 298 * so we have a special function to make sure that we do this 299 * correctly without losing data. 300 */ 301 if (context->backend.erase_size_shift != 302 context->backend.block_size_shift) { 303 return window_flush_v1(context, offset_bytes, 304 count_bytes); 305 } 306 flash_offset = context->current->flash_offset + offset_bytes; 307 308 /* Erase the flash */ 309 rc = backend_erase(&context->backend, flash_offset, 310 count_bytes); 311 if (rc < 0) { 312 return rc; 313 } 314 315 /* Write to the erased flash */ 316 rc = backend_write(&context->backend, flash_offset, 317 context->current->mem + offset_bytes, 318 count_bytes); 319 if (rc < 0) { 320 return rc; 321 } 322 323 break; 324 default: 325 /* We shouldn't be able to get here */ 326 MSG_ERR("Write from window with invalid type: %d\n", type); 327 return -EPERM; 328 } 329 330 return 0; 331 } 332 333 /* Window Management Functions */ 334 335 /* 336 * windows_alloc_dirty_bytemap() - (re)allocate all the window dirty bytemaps 337 * @context: The mbox context pointer 338 */ 339 void windows_alloc_dirty_bytemap(struct mbox_context *context) 340 { 341 struct window_context *cur; 342 int i; 343 344 for (i = 0; i < context->windows.num; i++) { 345 cur = &context->windows.window[i]; 346 /* There may already be one allocated */ 347 free(cur->dirty_bmap); 348 /* Allocate the new one */ 349 cur->dirty_bmap = calloc((context->windows.default_size >> 350 context->backend.block_size_shift), 351 sizeof(*cur->dirty_bmap)); 352 } 353 } 354 355 /* 356 * window_set_bytemap() - Set the window bytemap 357 * @context: The mbox context pointer 358 * @cur: The window to set the bytemap of 359 * @offset: Where in the window to set the bytemap (blocks) 360 * @size: The number of blocks to set 361 * @val: The value to set the bytemap to 362 * 363 * Return: 0 on success otherwise negative error code 364 */ 365 int window_set_bytemap(struct mbox_context *context, struct window_context *cur, 366 uint32_t offset, uint32_t size, uint8_t val) 367 { 368 if (offset + size > (cur->size >> context->backend.block_size_shift)) { 369 MSG_ERR("Tried to set window bytemap past end of window\n"); 370 MSG_ERR("Requested offset: 0x%x size: 0x%x window size: 0x%x\n", 371 offset << context->backend.block_size_shift, 372 size << context->backend.block_size_shift, 373 cur->size << context->backend.block_size_shift); 374 return -EACCES; 375 } 376 377 memset(cur->dirty_bmap + offset, val, size); 378 return 0; 379 } 380 381 /* 382 * windows_close_current() - Close the current (active) window 383 * @context: The mbox context pointer 384 * @flags: Flags as defined for a close command in the protocol 385 * 386 * This closes the current window. If the host has requested the current window 387 * be closed then we don't need to set the bmc event bit 388 * (set_bmc_event == false), otherwise if the current window has been closed 389 * without the host requesting it the bmc event bit must be set to indicate this 390 * to the host (set_bmc_event == true). 391 */ 392 void windows_close_current(struct mbox_context *context, uint8_t flags) 393 { 394 MSG_DBG("Close current window, flags: 0x%.2x\n", flags); 395 396 if (flags & FLAGS_SHORT_LIFETIME) { 397 context->current->age = 0; 398 } 399 400 context->current = NULL; 401 context->current_is_write = false; 402 } 403 404 /* 405 * window_reset() - Reset a window context to a well defined default state 406 * @context: The mbox context pointer 407 * @window: The window to reset 408 */ 409 void window_reset(struct mbox_context *context, struct window_context *window) 410 { 411 window->flash_offset = FLASH_OFFSET_UNINIT; 412 window->size = context->windows.default_size; 413 if (window->dirty_bmap) { /* Might not have been allocated */ 414 window_set_bytemap(context, window, 0, 415 window->size >> context->backend.block_size_shift, 416 WINDOW_CLEAN); 417 } 418 window->age = 0; 419 } 420 421 /* 422 * windows_reset_all() - Reset all windows to a well defined default state 423 * @context: The mbox context pointer 424 * 425 * @return True if there was a window open that was closed, false otherwise 426 */ 427 bool windows_reset_all(struct mbox_context *context) 428 { 429 bool closed = context->current; 430 int i; 431 432 MSG_DBG("Resetting all windows\n"); 433 434 context->windows.max_age = 0; 435 436 /* We might have an open window which needs closing */ 437 438 if (context->current) { 439 windows_close_current(context, FLAGS_NONE); 440 } 441 442 for (i = 0; i < context->windows.num; i++) { 443 window_reset(context, &context->windows.window[i]); 444 } 445 446 return closed; 447 } 448 449 /* 450 * windows_find_oldest() - Find the oldest (Least Recently Used) window 451 * @context: The mbox context pointer 452 * 453 * Return: Pointer to the least recently used window 454 */ 455 struct window_context *windows_find_oldest(struct mbox_context *context) 456 { 457 struct window_context *oldest = NULL, *cur; 458 uint32_t min_age = context->windows.max_age + 1; 459 int i; 460 461 for (i = 0; i < context->windows.num; i++) { 462 cur = &context->windows.window[i]; 463 464 if (cur->age < min_age) { 465 min_age = cur->age; 466 oldest = cur; 467 } 468 } 469 470 return oldest; 471 } 472 473 /* 474 * windows_find_largest() - Find the largest window in the window cache 475 * @context: The mbox context pointer 476 * 477 * Return: The largest window 478 */ 479 struct window_context *windows_find_largest(struct mbox_context *context) 480 { 481 struct window_context *largest = NULL, *cur; 482 uint32_t max_size = 0; 483 int i; 484 485 for (i = 0; i < context->windows.num; i++) { 486 cur = &context->windows.window[i]; 487 488 if (cur->size > max_size) { 489 max_size = cur->size; 490 largest = cur; 491 } 492 } 493 494 return largest; 495 } 496 497 /* 498 * windows_search() - Search the window cache for a window containing offset 499 * @context: The mbox context pointer 500 * @offset: Absolute flash offset to search for (bytes) 501 * @exact: If the window must exactly map the requested offset 502 * 503 * This will search the cache of windows for one containing the requested 504 * offset. For V1 of the protocol windows must exactly map the offset since we 505 * can't tell the host how much of its request we actually mapped and it will 506 * thus assume it can access window->size from the offset we give it. 507 * 508 * Return: Pointer to a window containing the requested offset otherwise 509 * NULL 510 */ 511 struct window_context *windows_search(struct mbox_context *context, 512 uint32_t offset, bool exact) 513 { 514 struct window_context *cur; 515 int i; 516 517 MSG_DBG("Searching for window which contains 0x%.8x %s\n", 518 offset, exact ? "exactly" : ""); 519 for (i = 0; i < context->windows.num; i++) { 520 cur = &context->windows.window[i]; 521 if (cur->flash_offset == FLASH_OFFSET_UNINIT) { 522 /* Uninitialised Window */ 523 if (offset == FLASH_OFFSET_UNINIT) { 524 return cur; 525 } 526 continue; 527 } 528 if ((offset >= cur->flash_offset) && 529 (offset < (cur->flash_offset + cur->size))) { 530 if (exact && (cur->flash_offset != offset)) { 531 continue; 532 } 533 /* This window contains the requested offset */ 534 cur->age = ++(context->windows.max_age); 535 return cur; 536 } 537 } 538 539 return NULL; 540 } 541 542 /* 543 * windows_create_map() - Create a window mapping which maps the requested offset 544 * @context: The mbox context pointer 545 * @this_window: A pointer to update to the "new" window 546 * @offset: Absolute flash offset to create a mapping for (bytes) 547 * @exact: If the window must exactly map the requested offset 548 * 549 * This is used to create a window mapping for the requested offset when there 550 * is no existing window in the cache which satisfies the offset. This involves 551 * choosing an existing window from the window cache to evict so we can use it 552 * to store the flash contents from the requested offset, we then point the 553 * caller to that window since it now maps their request. 554 * 555 * Return: 0 on success otherwise negative error code 556 */ 557 int windows_create_map(struct mbox_context *context, 558 struct window_context **this_window, uint32_t offset, 559 bool exact) 560 { 561 struct window_context *cur = NULL; 562 int rc; 563 564 MSG_DBG("Creating window which maps 0x%.8x %s\n", offset, 565 exact ? "exactly" : ""); 566 567 /* Search for an uninitialised window, use this before evicting */ 568 cur = windows_search(context, FLASH_OFFSET_UNINIT, true); 569 570 /* No uninitialised window found, we need to choose one to "evict" */ 571 if (!cur) { 572 MSG_DBG("No uninitialised window, evicting one\n"); 573 cur = windows_find_oldest(context); 574 window_reset(context, cur); 575 } 576 577 /* 578 * In case of the virtual pnor, as of now it's possible that a window may 579 * have content less than it's max size. We basically copy one flash partition 580 * per window, and some partitions are smaller than the max size. An offset 581 * right after such a small partition ends should lead to new mapping. The code 582 * below prevents that. 583 */ 584 #ifndef VIRTUAL_PNOR_ENABLED 585 if (!exact) { 586 /* 587 * It would be nice to align the offsets which we map to window 588 * size, this will help prevent overlap which would be an 589 * inefficient use of our reserved memory area (we would like 590 * to "cache" as much of the acutal flash as possible in 591 * memory). If we're protocol V1 however we must ensure the 592 * offset requested is exactly mapped. 593 */ 594 offset &= ~(cur->size - 1); 595 } 596 #endif 597 598 if (offset > context->backend.flash_size) { 599 MSG_ERR("Tried to open read window past flash limit\n"); 600 return -EINVAL; 601 } else if ((offset + cur->size) > context->backend.flash_size) { 602 /* 603 * There is V1 skiboot implementations out there which don't 604 * mask offset with window size, meaning when we have 605 * window size == flash size we will never allow the host to 606 * open a window except at 0x0, which isn't always where the 607 * host requests it. Thus we have to ignore this check and just 608 * hope the host doesn't access past the end of the window 609 * (which it shouldn't) for V1 implementations to get around 610 * this. 611 */ 612 if (context->version == API_VERSION_1) { 613 cur->size = align_down(context->backend.flash_size - offset, 614 1 << context->backend.block_size_shift); 615 } else { 616 /* 617 * Allow requests to exceed the flash size, but limit 618 * the response to the size of the flash. 619 */ 620 cur->size = context->backend.flash_size - offset; 621 } 622 } 623 624 /* Copy from flash into the window buffer */ 625 rc = backend_copy(&context->backend, offset, cur->mem, cur->size); 626 if (rc < 0) { 627 /* We don't know how much we've copied -> better reset window */ 628 window_reset(context, cur); 629 return rc; 630 } 631 /* 632 * rc isn't guaranteed to be aligned, so align up 633 * 634 * FIXME: This should only be the case for the vpnor ToC now, so handle 635 * it there 636 */ 637 cur->size = align_up(rc, (1ULL << context->backend.block_size_shift)); 638 /* Would like a known value, pick 0xFF to it looks like erased flash */ 639 memset(cur->mem + rc, 0xFF, cur->size - rc); 640 641 /* 642 * Since for V1 windows aren't constrained to start at multiples of 643 * window size it's possible that something already maps this offset. 644 * Reset any windows which map this offset to avoid coherency problems. 645 * We just have to check for anything which maps the start or the end 646 * of the window since all windows are the same size so another window 647 * cannot map just the middle of this window. 648 */ 649 if (context->version == API_VERSION_1) { 650 uint32_t i; 651 652 MSG_DBG("Checking for window overlap\n"); 653 654 for (i = offset; i < (offset + cur->size); i += (cur->size - 1)) { 655 struct window_context *tmp = NULL; 656 do { 657 tmp = windows_search(context, i, false); 658 if (tmp) { 659 window_reset(context, tmp); 660 } 661 } while (tmp); 662 } 663 } 664 665 /* Clear the bytemap of the window just loaded -> we know it's clean */ 666 window_set_bytemap(context, cur, 0, 667 cur->size >> context->backend.block_size_shift, 668 WINDOW_CLEAN); 669 670 /* Update so we know what's in the window */ 671 cur->flash_offset = offset; 672 cur->age = ++(context->windows.max_age); 673 *this_window = cur; 674 675 return 0; 676 } 677